<html xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout" xmlns:th="http://www.thymeleaf.org"
    layout:decorate="~{index.html}">

<body>
    <div layout:fragment="content">
        <div class="container-fluid mt-3 text-sm p-4 bg-light">
            <div class="display-5">Welcome to OWASP WrongSecrets</div>
            <p class="lead">
                Learn about secrets management by finding real secrets hidden in code, configuration files, and cloud infrastructure.
            </p>
            <hr class="my-2 my-lg-3" />

            <div class="alert alert-info" role="alert">
                <h5 class="alert-heading">🎯 How to Play</h5>
                <p class="mb-2"><strong>Your Mission:</strong> Find hidden secrets in this repository and enter them to score points!</p>
                <p class="mb-2"><strong>Where to Look:</strong></p>
                <ul class="mb-2">
                    <li>📁 Source code files (Java, JavaScript, etc.)</li>
                    <li>🐳 Docker files and configurations</li>
                    <li>☁️ Cloud deployment configurations (AWS, GCP, Azure)</li>
                    <li>🔧 Environment variables and config files</li>
                    <li>🗄️ Vault and secret management tools</li>
                </ul>
                <p class="mb-0"><strong>Getting Started:</strong> Check out the <a href="https://github.com/OWASP/wrongsecrets" target="_blank" rel="noopener noreferrer">GitHub repository</a> to examine the code and find the secrets!</p>
            </div>

            <p>
                <strong>Pro Tip:</strong> Each challenge below has a different difficulty level and may require different environments.
                Start with the easier ones and work your way up! 🚀
            </p>
        </div>
        <div class="container-fluid text-sm p-2 p-lg-3 mt-lg-3">
            <div class="row">
                <div class="col-12 col-lg-7">
                    <div class="mb-3">
                        <small class="text">
                            <strong>Difficulty:</strong> ⭐ (Easy) ⭐⭐ (Medium) ⭐⭐⭐ (Hard) ⭐⭐⭐⭐ (Expert) ⭐⭐⭐⭐⭐ (Master) |
                            <strong>Environment:</strong> Where the challenge can be solved
                        </small>
                    </div>
                    <table class="table table-responsive" id="challenge_overview" data-cy="challenge-overview">
                        <thead>
                            <tr>
                                <th scope="col" class="d-none d-xl-table-cell">#</th>
                                <th scope="col">&nbsp;Challenge&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</th>
                                <th scope="col">Focus&nbsp;&nbsp;&nbsp;</th>
                                <th scope="col" class="d-none d-md-table-cell">
                                    Difficulty&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                                </th>
                                <th scope="col"
                                    th:text="'Runs on environment (current: '+${#strings.replace(environment,'_',' _')}+')'">
                                </th>
                                <th scope="col" class="d-none d-xl-table-cell">Solved</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr th:each="challenge,iter: ${challenges}"
                                th:class="${challenge.challengeCompleted} ? solved : ''" data-cy="challenge-row">
                                <th scope="row" class="d-none d-xl-table-cell" th:text="${iter.count} - 1"></th>
                                <td>
                                    &nbsp;<span class="d-xl-none" th:if="${challenge.challengeCompleted}">&#9745;
                                    </span>
                                    <a th:href="'/challenge/' + ${challenge.link}"
                                        th:class="${challenge.isChallengeEnabled} ? '' : 'disabled'">
                                        <span th:text="${challenge.name}"
                                            th:attr="data-cy=${challenge.getDataLabel}"></span>
                                    </a>
                                </td>
                                <td th:text="${challenge.tech}"></td>
                                <td class="d-none d-md-table-cell" th:text="${challenge.starsOnScale}"></td>
                                <td th:text="${challenge.runtimeEnvironmentCategory}">
                                </td>
                                <td class="d-none d-xl-table-cell">
                                    <span th:if="${challenge.challengeCompleted}">&#9745;</span>
                                </td>
                            </tr>
                        </tbody>
                    </table>
                    <p th:if="${ctfServerAddress == null}" th:text="'Total score: '+${totalScore}"
                        th:attr="data-cy='total-score'"></p>
                    <p th:if="${ctfServerAddress != null}"
                        th:text="'Scoring and progress keeping are disabled in CTF mode; have a look at '+${ctfServerAddress}+' for your actual score and progress'">
                    </p>

                    <div class="alert alert-warning" role="alert">
                        <h6 class="alert-heading">🚀 Ready to Start?</h6>
                        <p class="mb-2">1. <strong>Choose a challenge</strong> from the table above</p>
                        <p class="mb-2">2. <strong>Examine the repository</strong> - Look at the <a href="https://github.com/OWASP/wrongsecrets" target="_blank" rel="noopener noreferrer">source code, config files, and documentation</a></p>
                        <p class="mb-2">3. <strong>Find the secret</strong> - It could be in plain text, encoded, or stored in environment variables</p>
                        <p class="mb-0">4. <strong>Enter your answer</strong> - Submit the secret to score points!</p>
                    </div>

                    <!--                <p th:text="'You are currently running on the following environment: '+${environment}"></p>-->
                    <p>Hasty? Here is the Vault <a href="spoil/challenge-7"
                            data-cy="show-secret-spoiler-link">secret;-)</a>
                    </p>
                </div>
                <div class="col-12 col-lg-4 offset-lg-1">
                    <div class="border border-dark thank-you text-center">
                        Like what you see? Please <br />
                        <a class="github-button" href="https://github.com/OWASP/wrongsecrets" data-icon="octicon-star"
                            data-size="large" data-color-scheme="dark: light;" data-show-count="true"
                            aria-label="Star OWASP/wrongsecrets on GitHub">Star us on GitHub</a>
                        <div class="text-center">Note: The above button only takes you to the repository. Please make
                            sure to star the repository once you are there!
                        </div>
                    </div>
                    <div class="border border-dark thank-you">
                            OWASP Project Leaders:
                            <ul>
                                <li><a href='https://www.github.com/bendehaan'>Ben de Haan @bendehaan</a></li>
                                <li><a href='https://www.github.com/commjoen'>Jeroen Willemsen @commjoen</a></li>
                            </ul>
                            Top Contributors:
                            <ul>
                                <li><a href='https://www.github.com/J12934'>Jannik Hollenbach @J12934</a></li>
                                <li><a href='https://www.github.com/puneeth072003'>Puneeth Y @puneeth072003</a></li>
                                <li><a href='https://www.github.com/RemakingEden'>Joss Sparkes @RemakingEden</a></li>
                            </ul>
                            Contributors:
                            <ul>
                                <li><a href='https://www.github.com/nbaars'>Nanne Baars @nbaars</a></li>
                                <li><a href='https://www.github.com/drnow4u'>Marcin Nowak @drnow4u</a></li>
                                <li><a href='https://www.github.com/roddas'>Rodolfo Neves @roddas</a></li>
                                <li><a href='https://www.github.com/osamamagdy'>Osama Magdy @osamamagdy</a></li>
                                <li><a href='https://www.github.com/Shubham-Patel07'>Shubham Patel @Shubham-Patel07</a>
                                </li>
                                <li><a href='https://www.github.com/za'>za @za</a></li>
                                <li><a href='https://www.github.com/Novice-expert'>Divyanshu Dev @Novice-expert</a></li>
                                <li><a href='https://www.github.com/Pastekitoo'>Pastekitoo @Pastekitoo</a></li>
                                <li><a href='https://www.github.com/tiborhercz'>Tibor Hercz @tiborhercz</a></li>
                                <li><a href='https://www.github.com/neatzsche'>Chris Elbring Jr. @neatzsche</a></li>
                                <li><a href='https://www.github.com/adarsh-a-tw'>Adarsh A @adarsh-a-tw</a></li>
                                <li><a href='https://www.github.com/diamant3'>Diamond Rivero @diamant3</a></li>
                                <li><a href='https://www.github.com/nwolniak'>Norbert Wolniak @nwolniak</a></li>
                                <li><a href='https://www.github.com/fchyla'>Filip Chyla @fchyla</a></li>
                                <li><a href='https://www.github.com/Dlitosh'>Dmitry Litosh @Dlitosh</a></li>
                                <li><a href='https://www.github.com/djvinnie'>Vineeth Jagadeesh @djvinnie</a></li>
                                <li><a href='https://www.github.com/mahaputrailhamawal'>Mahaputra Ilham Awal
                                        @mahaputrailhamawal</a></li>
                                <li><a href='https://www.github.com/turjoc120'>Turjo Chowdhury @turjoc120</a></li>
                                <li><a href='https://www.github.com/SndR85'>SndR @SndR85</a></li>
                                <li><a href='https://www.github.com/tghosth'>Josh Grossman @tghosth</a></li>
                                <li><a href='https://www.github.com/alphasecio'>alphasec @alphasecio</a></li>
                                <li><a href='https://www.github.com/CaduRoriz'>CaduRoriz @CaduRoriz</a></li>
                                <li><a href='https://www.github.com/madhuakula'>Madhu Akula @madhuakula</a></li>
                                <li><a href='https://www.github.com/mikewoudenberg'>Mike Woudenberg @mikewoudenberg</a>
                                </li>
                                <li><a href='https://www.github.com/northdpole'>Spyros @northdpole</a></li>
                                <li><a href='https://www.github.com/RubenAtBinx'>RubenAtBinx @RubenAtBinx</a></li>
                                <li><a href='https://www.github.com/alex-bender'>Alex Bender @alex-bender</a></li>
                                <li><a href='https://www.github.com/dannylloyd'>Danny Lloyd @dannylloyd</a></li>
                                <li><a href='https://www.github.com/nhumblot'>Nicolas Humblot @nhumblot</a></li>
                                <li><a href='https://www.github.com/kingthorin'>Rick M @kingthorin</a></li>
                                <li><a href='https://www.github.com/szh'>Shlomo Zalman Heigh @szh</a></li>
                                <li><a href='https://www.github.com/f3rn0s'>Fern @f3rn0s</a></li>
                                <li><a href='https://www.github.com/Wind010'>Jeff Tong @Wind010</a></li>
                            </ul>
                            Testers:
                            <ul>
                                <li><a href='https://www.github.com/davevs'>Dave van Stein @davevs</a></li>
                                <li><a href='https://www.github.com/drnow4u'>Marcin Nowak @drnow4u</a></li>
                                <li><a href='https://www.github.com/mchangsp'>Marc Chang Sing Pang @mchangsp</a></li>
                                <li><a href='https://www.github.com/djvinnie'>Vineeth Jagadeesh @djvinnie</a></li>
                            </ul>
                            Special mentions for helping out:
                            <ul>
                                <li><a href='https://www.github.com/madhuakula'>Madhu Akula @madhuakula</a>
                                </li>
                                <li><a href='https://www.github.com/nbaars'>Nanne Baars @nbaars</a></li>
                                <li><a href='https://www.github.com/bkimminich'>Björn Kimminich @bkimminich</a></li>
                                <li><a href='https://www.github.com/devsecops'>Dan Gora @devsecops</a></li>
                                <li><a href='https://www.github.com/saragluna'>Xiaolu Dai @saragluna</a></li>
                                <li><a href='https://www.github.com/jonathanGiles'>Jonathan Giles @jonathanGiles</a>
                                </li>
                            </ul>
                    </div>
                </div>
                <div class="col-12 col-lg-7">
                    <div class="border border-dark thank-you">
                        Resources/further reading on secrets management:<br />
                        <ul>
                            <li>
                                <a
                                    href="https://dev.to/commjoen/secure-deployment-10-pointers-on-secrets-management-187j">Blog:
                                    10 Pointers on Secrets Management</a>
                            </li>
                            <li>
                                <a href="https://owaspsamm.org/model/implementation/secure-deployment/stream-b/">OWASP
                                    SAMM on Secret Management</a>
                            </li>
                            <li>
                                <a href="https://github.com/topics/secrets-detection">The secret detection topic at
                                    GitHub</a>
                            </li>
                            <li>
                                <a
                                    href="https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Secrets_Management_Cheat_Sheet.md">OWASP
                                    Secrets Management Cheat Sheet</a>
                            </li>
                            <li>
                                <a
                                    href="https://www.opencre.org/cre/223-780?register=true&type=tool&tool_type=training&tags=secrets,training&description=With%20this%20app%2C%20we%20have%20packed%20various%20ways%20of%20how%20to%20not%20store%20your%20secrets.%20These%20can%20help%20you%20to%20realize%20whether%20your%20secret%20management%20is%20ok.%20The%20challenge%20is%20to%20find%20all%20the%20different%20secrets%20by%20means%20of%20various%20tools%20and%20techniques.%20Can%20you%20solve%20all%20the%2014%20challenges%3F">Open
                                    CRE on Secrets Management</a>
                            </li>
                        </ul>
                    </div>
                    <div class="border border-dark thank-you">
                        Wondering what a secret is? A secret is often a confidential piece of information that is
                        required to unlock certain functionalities or information. It can exist in many shapes or
                        forms, for instance:
                        <ul>
                            <li>2FA keys</li>
                            <li>Activation/Callback links</li>
                            <li>API keys</li>
                            <li>Credentials</li>
                            <li>Passwords</li>
                            <li>Private keys (decryption, signing, TLS, SSH, GPG)</li>
                            <li>Secret keys (symmetric encryption, HMAC)</li>
                            <li>Session cookies</li>
                            <li>Tokens (Session, Refresh, Authentication, Activation, etc.)</li>
                        </ul>
                    </div>
                    <div class="border border-dark thank-you text-center">
                        Want to see if your tool of choice detects all the secrets available in this project?
                        <br />
                        <a
                            href="https://github.com/OWASP/wrongsecrets/#use-owasp-wrongsecrets-as-a-secret-detection-benchmark">
                            Check the instructions in the README
                        </a>.
                    </div>
                    <div class="border border-dark thank-you text-center">
                        Developing our solution in 3 clouds costs money. Want to help us to cover our cloud bills?
                        <a href="https://owasp.org/donate/?reponame=www-project-wrongsecrets&title=OWASP+wrongsecrets"
                            target="_blank" rel="noopener noreferrer">Donate</a>.
                    </div>
                </div>
            </div>
        </div>
    </div>
</body>

</html>
